Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month, with some of the more widely used software makers, including Apple, Google, Microsoft, Mozilla, and Oracle, fixing near-record volumes of security bugs and/or quickening the tempo of their patch releases.[1]
As it does on the second Tuesday of every month, Microsoft released software updates to address at least 118 security vulnerabilities in its various Windows operating systems and other products. Remarkably, this is the first Patch Tuesday in nearly two years that Microsoft is not shipping any fixes to address emergency zero-day flaws already being exploited. Nor have any of the flaws fixed today been previously disclosed (potentially giving attackers a heads-up on how to exploit the weaknesses).
Sixteen of the vulnerabilities earned Microsoft’s most dire “critical” label, meaning malware or miscreants could abuse these bugs to seize remote control over a vulnerable Windows device with little or no help from the user. Rapid7 has done much of the heavy lifting in identifying some of the more concerning critical weaknesses this month, including:
- CVE-2026-41089: A critical stack-based buffer overflow in Windows Netlogon that offers an attacker SYSTEM privileges on the domain controller. No privileges or user interaction are required, and attack complexity is low. Patches are available for all versions of Windows Server starting with 2012.
- CVE-2026-41096: A critical RCE in the Windows DNS client implementation warrants attention, despite Microsoft assessing exploitation as less likely.
- CVE-2026-41103: A critical elevation of privilege vulnerability that allows an unauthorized attacker to impersonate an existing user by presenting forged credentials, thus bypassing Entra ID. Microsoft expects that exploitation is more likely.
May’s Patch Tuesday is a welcome respite from April, which saw Microsoft fix a near-record 167 security flaws. Microsoft was among a few dozen tech giants granted access to “Project Glasswing,” a much-hyped AI capability developed by Anthropic that appears quite effective at uncovering security vulnerabilities in code.
Apple, another early participant in Project Glasswing, typically fixes an average of 20 vulnerabilities with each iOS security update, said Chris Goettl, vice president of product management at Ivanti. On 11 May, Apple shipped updates to address at least 52 vulnerabilities and backported the changes to iPhone 6s and iOS 15.
Last month, Mozilla released Firefox 150, which resolved 271 vulnerabilities reportedly discovered during the Glasswing evaluation. “Since Firefox 150.0.0 was released, they have been on a more aggressive weekly cadence for security updates, including the release of Firefox 150.0.3 on May Patch Tuesday, resolving between three to five CVEs in each release,” Goettl said.
The software giant Oracle likewise recently increased its patch pace in response to its work with Glasswing. In its most recent quarterly patch update, Oracle addressed at least 450 flaws, including more than 300 fixes for remotely exploitable, unauthenticated flaws. But at the end of April, Oracle announced it was switching to a monthly update cycle for critical security issues.
On 8 May, Google began rolling out updates to its Chrome browser that fixed 127 security flaws (up from just 30 the previous month). Chrome automatically downloads available security updates, but installing them requires a full restart of the browser.
If you haven’t backed up your data and/or drive lately, doing that before updating is generally sound advice. For a more granular look at the Microsoft updates released today, check out this inventory from the SANS Internet Storm Center.[2]
BTW – the singer and songwriter Clarence Carter passed away last week at the age of 93. He sang the ’70s hit “Patches.”
This article is shared at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information (CTI) via a notification/Tier I analysis service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225 or feedback@redskyalliance.com
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122
[1] https://krebsonsecurity.com/2026/05/patch-tuesday-may-2026-edition/#more-73582